Using Sysmon for Linux to Monitor Against MITRE ATT&CK Techniques
1 min read
Nov 09, 2022
There was a lot covered at this year’s 2022 RhythmWorld Security Conference! In one of our more technical sessions, we discussed Microsoft Sysinternals’ recent release of Sysmon for Linux, an open-source Linux system monitoring tool.
You can find the project on their Github page to view the documentation and source; there are plenty of resources about how to download, install, and configure the Sysmon for Linux software. In this blog, we will cover the next steps you can take to use the logs that it generates, as well as where to best use them within LogRhythm SIEM.
When assessing how Sysmon for Linux works, there are a lot of similarities to Sysmon for Windows in how it can be configured and how the logs are generated. Of course, with different operating system architectures, there are some changes, too.
The link for this article located at Security Boulevard is no longer available.
Related Articles
1 - 0 min read
Hacked VMs Reveal New Attack Risks
1 - 0 min read
Linux Kernel 'Make-Me-Root' Flaw Threatens Popular Distros
1 - 0 min read
Multiple Chromium DoS, Info Disclosure Vulns Fixed [Updated]
